Method for providing a secure communication between two devices and application of this method

ABSTRACT

A method of providing a secure communication between first and second devices is described. The method includes encrypting a random key using an encryption key at a first device and transferring the encrypted random key to the second device for encryption of data communicated from the second device to the first device. The encrypted data received from the second device is decrypted using the random key. The method typically includes transferring a control word encrypted with an encryption key to the second device for decryption, and encryption using the random key. The encrypted control word received from the second device is then decrypted using the random key. The invention extends to a method of enabling a decoder, and to a decoder, to decode a data stream. It also extends, inter alia, to a method of authenticating an enabling device and to an enabling device.

[0001] The present invention relates to a method for providing a securecommunication between two devices, in particular between devices used ina pay TV system.

[0002] In a pay TV system each subscriber generally has a decoder fordescrambling the source component signal, wherein said decoder comprisesa conditional access module and a smart card for decrypting entitlementcontrol messages and entitlement management messages. In order toprevent unauthorized operation of the decoder for descrambling a sourcecomponent signal it is important to prevent switching between anauthorized and an unauthorized smart card for example.

[0003] The invention aims to provide a method of the above-mentionedtype wherein the communication between two devices, such as the controlaccess module and the smart card or the decoder and the conditionalaccess module, is arranged in such a manner that switching betweenauthorized and unauthorized devices is not possible.

[0004] According to the invention a method is provided, wherein a firstdevice generates a random key (Ci) and transfers said key to a seconddevice in a first message encrypted using a public key, wherein saidsecond device decrypts the first encrypted message by means of acorresponding secret key to obtain said random key (Ci), wherein saidrandom key is used to encrypt and decrypt further transmissions betweensaid devices.

[0005] According to the invention this method can be applied in adecoder for a pay TV system, wherein said decoder comprises aconditional access module and a smart card, wherein said method isapplied to provide a secure communication between the control accessmodule and the smart card or between the decoder and the conditionalaccess module.

[0006] The invention further provides a decoder for a pay TV system,comprising a conditional access module and a smart card, saidconditional access module comprising means for generating a random key(Ci), means for encrypting said key in a first encrypted message using apublic key encryption method, means for transfering said first encryptedmessage to the smart card, said smart card comprising means forreceiving and decrypting said first encrypted message to obtain saidrandom key, means for encrypting transmissions to the conditional accessmodule under said random key, said conditional access module havingmeans to decrypt said transmissions received from the smart card.

[0007] In a further embodiment of the invention, said decoder comprisesa conditional access module and a smart card, wherein said decodercomprises means for generating a random key (Ci), means for encryptingsaid key in a first encrypted message using a public key encryptionmethod, means for transfering said first encrypted message to theconditional access module, said conditional access module comprisingmeans for receiving and decrypting said first encrypted message toobtain said random key, means for encrypting transmissions to thedecoder under said random key, said decoder having means to decrypt saidtransmissions received from the conditional access module.

[0008] The invention will be further explained by reference to thedrawings in which an embodiment of the method of the invention isexplained as applied in a decoder for a pay TV system.

[0009]FIG. 1 shows a block diagram of an embodiment of the decoderaccording to the present invention.

[0010]FIG. 2 shows a sequence of steps of an embodiment of the method ofthe invention.

[0011] Referring to FIG. 1 there is shown in a very schematical manner ablock diagram of a decoder for a pay TV system, wherein digitalinformation signals are scrambled using a control word in accordancewith the Eurocrypt standard for example. In this embodiment the decodercomprises a demodulator 1, a demultiplexer 2 and a decompression unit 3.The decoder further comprises a conditional access module or CAM 4 and asmart card 5 which can be inserted into a connection slot of theconditional access module 4. Further the decoder is provided with amicroprocessor 6 for configuration and control purposes.

[0012] The conditional access module 4 is provided with a descramblerunit 7 and a microprocessor 8 having a memory 9. The smart card 5comprises a microprocessor 10 having a memory 11.

[0013] As the operation of the above-mentioned parts of the decoder isnot a part of the present invention, this operation will not bedescribed in detail. Typically, the signal received by the demodulator 1is a modulated data stream between 950 MHz and 2050 MHz. The output ofthe demodulator 1 is a scrambled digital data stream which is providedto the CAM 4 and the descrambler 7 will be allowed to descramble thisscrambled data stream assuming that an authorized smart card has beeninserted and the subscriber is entitled to receive the program. Thedescrambled data stream is demultiplexed by the demultiplexer 2 anddecompressed and converted into the original analogue audio and videosignal by the decompression unit 3.

[0014] In a pay TV system the control word required for descrambling, istransferred to the subscribers in so-called entitlement control messagescontaining the control word encrypted using a service key. This servicekey is downloaded in the memory 11 of the smart card 5 by means of aso-called entitlement management message for example. During operationthe CAM 4 transfers the entitlement control messages towards themicroprocessor 10 of the smart card 5 so that the microprocessor 10 canprocess the entitlement control message and extract the control word.Thereafter the smart card 5 returns the decrypted control word towardsthe CAM 4 so that the descrambler 7 is allowed to descramble the digitaldata stream received from the demodulator 1.

[0015] In order to prevent the use of an unauthorized smart card 5 incombination with the CAM 4 it is important to provide a securecommunication between the CAM 4 and the smart card 5. According to thepresent invention the following method is used to provide such a securecommunication. The steps of this method are shown in FIG. 2. When asmart card is inserted into the decoder, the microprocessor 8 of the CAM4 will generate two random numbers Ci and A. The microprocessor 8 willencrypt in a first message the random numbers Ci and A under a publickey of the CAM 4. The thus obtained first message is transferred to thesmart card 5 and the microprocessor 10 will decrypt this first messageusing the secret key of the CAM 4. Thereafter the microprocessor 10 willreturn a second message to the CAM 4, said second message being therandom number A encrypted under the number Ci used as encryption key.The microprocessor 8 of the CAM 4 decrypts this second message andverifies whether the random number A is correct. Assuming that therandom number A is indeed correct, so that it may be assumed that theinserted smart card 5 is an authorized smart card, the CAM 4 will thenforward entitlement control messages containing the encrypted controlword to the smart card 5 which will process the entitlement controlmessage and extract the control word in a conventional manner. However,in the return message towards the CAM 4, the smart card will forward theextracted control word encrypted under the key Ci and these encryptedcontrol words are decrypted by the microprocessor 8 using the same keyCi. As soon as one tries to replace the inserted smart card 5 by another smart card, for example by switching from the authorized smartcard 5 to an unauthorized smart card, the CAM 4 will immediatelyestablish such change as the key Ci will not be known to the new smartcard, so that the CAM will no longer be able to descramble the returnmessages containing the control word. Thereby the descrambler unit 7will be disabled.

[0016] The method described can be used in the same manner for providinga secure communication between the CAM 4 and the decoder, wherein thesame protocol as shown in FIG. 2 is followed.

[0017] In summary it will be understood that if a new CAM 4 is connectedto the other decoder parts, the microprocessor 6 of the decoder willgenerate the two random numbers Ci and A and as soon as themicroprocessor 6 has decrypted the second message received from themicroprocessor 8 of the CAM 4, and has verified that the random number Ais correct, the key Ci will be used in all transmissions between the CAM4 and the microprocessor 6.

[0018] The invention is not restricted to the above-describedembodiments which can be varied in a number of ways within the scope ofthe claims. As an example for a further embodiment the CAM (i.e. thedescrambler) may be part of the decoder. The decoder would now challengethe smart card to authenticate itself to obtain a secure communicationbetween the smart card and the decoder.

1. Method for providing a secure communication between two devices,wherein a first device generates a random key (Ci) and transfers saidkey to a second device in a first message encrypted using a public key,wherein said second device decrypts the first encrypted message by meansof a corresponding secret key to obtain said random key (Ci), whereinsaid random key is used to encrypt and decrypt transmissions betweensaid devices.
 2. Method according to claim 1, wherein after decryptingsaid encrypted message, said second device first returns said random key(Ci) in a second encrypted message with an authentication to said firstdevice.
 3. Method according to claim 2, wherein for providing saidauthentication said first device further generates a random number (A)and transfers this random number (A) together with said random key (Ci)in said first encrypted message to the second device, wherein the seconddevice uses said random number (A) for authentication in the secondencrypted message.
 4. Method according to claim 3, wherein said seconddevice encrypts said random number (A) under said random key (Ci) toobtain said second encrypted message.
 5. Application of the method ofanyone of the preceding claims in a decoder for a pay TV system, whereinsaid decoder comprises a conditional access module (CAM) and a smartcard (SC), wherein said method is applied to provide a securecommunication between the control access module and the smart card. 6.Application of the method of anyone of claims 1-4 in a decoder for a payTV system, wherein said decoder comprises a conditional access module(CAM) and a smart card (SC), wherein said method is applied to provide asecure communication between the decoder and the conditional accessmodule.
 7. Decoder for a pay TV system, comprising a conditional accessmodule and a smart card, said conditional access module comprising meansfor generating a random key (Ci), means for encrypting said key in afirst encrypted message using a public key encryption method, means fortransfering said first encrypted message to the smart card, said smartcard comprising means for receiving and decrypting said first encryptedmessage to obtain said random key, means for encrypting transmissions tothe conditional access module under said random key, said conditionalaccess module having means to decrypt said transmissions received fromthe smart card.
 8. Decoder according to claim 7, wherein said smart cardcomprises means for returning said random key to the conditional accessmodule in a second encrypted message with an authentication.
 9. Decoderaccording to claim 8, wherein said generating means of the conditionalaccess module further generates a random number which is included insaid first encrypted message, wherein the smart card is adapted to usesaid random number as authentication in the second encrypted message.10. Decoder for a pay TV system, comprising a conditional access moduleand a smart card, wherein said decoder comprises means for generating arandom key (Ci), means for encrypting said key in a first encryptedmessage using a public key encryption method, means for transfering saidfirst encrypted message to the conditional access module, saidconditional access module comprising means for receiving and decryptingsaid first encrypted message to obtain said random key, means forencrypting transmissions to the decoder under said random key, saiddecoder having means to decrypt said transmissions received from theconditional access module.
 11. Decoder according to claim 10, whereinsaid conditional access module comprises means for returning said randomkey to the decoder in a second encrypted message with an authentication.12. Decoder according to claim 11, wherein said generating means of thedecoder further generates a random number which is included in saidfirst encrypted message, wherein the conditional access module isadapted to use said random number as authentication in the secondencrypted message.